Carnegie Mellon University, NIST and Penn State recently conducted a security social experiment: Participants were paid anywhere between a penny and a dollar to download an executable file, without question, to their devices. Most ignored the 1 cent payment, but the 58% of the participants ran the file when offered 50 cents, and 64 percent did so when offered $1.
Can attackers simply just pay users to infect their systems?
Listen to episode 158 of our security slice podcast and hear Craig Young and Tyler Reguly discuss the importance of non-security tools in security research, the major risks of running programs from questionable publishers, and why this is a flawed business model for attackers.
Click Here to Listen to the Podcast
- Security Slice Podcast: Supermicro Mother Lode
- Security Slice: Credit Cards on Safari
- Security Slice: P.F. Chang’s Paper Trail
- Security Slice: iPhones vs. Androids
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock